function main() {
	// 验证用户权限
	'use api/user/acl/excerpt.js'

	const data = payload.get().body.toObject();
	// 判断旧密码是否符合
	const findRes = SQL.query('system_sql', 'SELECT * FROM sys_users WHERE user_id = ?', data.userId);
	if (findRes) {
		if (!crypto.bcrypt.diff(data.oldPassword, findRes[0].password)) {
			return errMsg(507, '旧密码错误');
		}
	}
	// 加密
	const newPassword = crypto.bcrypt.encrypt(data.newPassword, 10);

	const query = `UPDATE sys_users SET password = ?, update_time = NOW() WHERE user_id = ?`;
	const res = SQL.exec('system_sql', query, newPassword, data.userId);
	if (res) {
		return okMsg(res);
	}
	return errMsg(507, '修改失败');
}
